Looking ahead to PCI DSS v4

PCI SSC has begun efforts on PCI Data Security Standard version 4.0 (PCI DSS v4.0). Here we provide more insight into the development process and how PCI SSC is looking at changing the standard to support businesses around the world in their efforts to safeguard payment card data before, during and after a purchase is made.

Goals for PCI DSS v4.0

The 12 core PCI DSS requirements are not expected to fundamentally change with PCI DSS v4.0, as these are still the critical foundation for securing payment card data. However, based on feedback received, PCI SSC is evaluating how to evolve the standard to accommodate changes in technology, risk mitigation techniques, and the threat landscape. PCI SSC is also looking at ways to introduce greater flexibility to support organizations using a broad range of controls and methods to meet security objectives.

Key high-level goals for PCI DSS v4.0 are:

  • Ensure the standard continues to meet the security needs of the payments industry
  • Add flexibility and support for additional methodologies to achieve security
  • Promote security as a continuous process
  • Enhance validation methods and procedures

PCI DSS v4.0 is not anticipated for release prior to late 2020. Specific timing on the release is dependent upon feedback received during the development period. PCI SSC will keep stakeholders updated on timing throughout the process.